Page 1 of 1
Special Characters in $_FILES['tmp_name'] ?
Posted: Wed Jun 04, 2008 8:30 pm
by eclavito
Hi.
I have a question about how php generates the tmp_name in $_FILES. Is it possible that special characters exists in $_FILES['tmp_name']?
Example : AWs?Q.txt - is this possible?
Thank you and God Bless.
Re: Special Characters in $_FILES['tmp_name'] ?
Posted: Thu Jun 05, 2008 6:26 pm
by Chris Corbyn
I'm not sure, but I wouldn't code on the assumption that it won't. You should only ever use that path once (to move the file somewhere else -- and rename it).
Re: Special Characters in $_FILES['tmp_name'] ?
Posted: Thu Jun 05, 2008 6:31 pm
by Benjamin
$_FILES['tmp_name'] is set by PHP when a file is uploaded so I'm not sure why your asking this. $_FILES['tmp_name'] is also a string, so yes it can contain anything. As to whether or not it's a valid file name or not, that's OS dependant.
See:
http://www.linux.com/base/ldp/howto/Sec ... names.html
Re: Special Characters in $_FILES['tmp_name'] ?
Posted: Thu Jun 05, 2008 6:52 pm
by eclavito
To: astions
As you've said, $_FILES['tmp_name'] is set by PHP when file is uploaded. My question is, Is is possible that PHP sets the tmp_name with special characters like "?", "/", etc.?
I am asking this question because I am using $_FILES['tmp_name'] as a unique identifier for the uploaded files in the database. If PHP sets $_FILES['tmp_name'] with special characters, it will cause possible flaw/s in my system.
I might consider chris' advice.
Thanks for your reply. God Bless.
Please let me know your opinions about this.
Re: Special Characters in $_FILES['tmp_name'] ?
Posted: Thu Jun 05, 2008 7:09 pm
by Eran
alternatively you can hash it using md5 or something similar to recieve a unique identifier that is alpha-numeric.
Re: Special Characters in $_FILES['tmp_name'] ?
Posted: Thu Jun 05, 2008 7:22 pm
by Benjamin
No there won't be special characters in it.
Re: Special Characters in $_FILES['tmp_name'] ?
Posted: Thu Jun 05, 2008 7:25 pm
by eclavito
To : astions
do you have any references? or website that I can refer to?
Thank you very much.
Re: Special Characters in $_FILES['tmp_name'] ?
Posted: Thu Jun 05, 2008 8:00 pm
by Benjamin
No I don't. I tried to find out where it was created in the PHP source code but wasn't able to locate it. I have never seen anything other than letters, numbers, underscores and dashes though. The temporary name may be returned by the operating system.
Re: Special Characters in $_FILES['tmp_name'] ?
Posted: Thu Jun 05, 2008 8:18 pm
by eclavito
astions,
Thank you very much for your help.

Re: Special Characters in $_FILES['tmp_name'] ?
Posted: Fri Jun 06, 2008 1:26 am
by Chris Corbyn
Really don't rely on $_FILES['tmp_name'] being unique. It's not unique

Re: Special Characters in $_FILES['tmp_name'] ?
Posted: Fri Jun 06, 2008 1:53 am
by Benjamin
Chris is right, it's not designed for that purpose. You can use the
uniqid function.
Re: Special Characters in $_FILES['tmp_name'] ?
Posted: Fri Jun 06, 2008 1:58 am
by eclavito
yes. i think i should try other approach.